The cyberattack encrypted a significant chunk of Atlanta’s municipal government computer systems, demanding six bitcoin (about $51,000) in exchange for the key to unlock the data. SamSam – the hacker group behind the attack – chooses their targets well. Since 2015, their high-value targets have netted them a bitcoin-denominated take totaling over $850,000.

All told, SamSam's attack locked up computer systems for many of Atlanta's 8,000 municipal employees – and a wide variety of services for metropolitan Atlanta's 6 million residents. “We are dealing with a hostage situation,” Atlanta Mayor Keisha Lance Bottoms grimly announced.

Impact of the Atlanta Ransomware Attack

Unlike most ransomware attacks on private businesses, the effects of the Atlanta cyberattack rippled far beyond the building. Here are a few areas where headaches outnumbered solutions:

Atlanta Police: homicide cases locked up. For a week after the attack, Atlanta Police detectives were not allowed to turn on their computers, and when they did, they only found a sarcastic SamSam message waiting.

Luckily, most other law enforcement systems were not affected. According to Atlanta Police Chief Erika Shields, the emergency response and dispatch systems were still running, but “officers had reverted to writing reports on paper out of an abundance of caution.”

Mayor Bottoms saw the humor in the situation: “For some of our younger employees, it will be a nice exercise in good penmanship,” she said.

Court proceedings for litigants not in police custody had to be canceled until the computer system was brought back online. The courts suspended failure-to-appear warrants for affected citizens, and rescheduled several court appearances without penalty.

City's online services: shut down. For a week after the attack, Atlanta residents could not pay water bills or report issues online. Some services were only available to walk-in customers, including zoning inspection requests, new water service requests, and water-meter renewals.

With so many computers in city hall affected by the cyberattack, personnel have had to share online resources. Reuters reported one laptop shared by three city council staffers after the attack: as councilman Howard Shook put it, "it’s extraordinarily frustrating."

Unlike Atlanta's court system, the airport infrastructure was not affected by the attack in any way, but, as their spokesman Reese McCranie put it, “we don't want to open up the airport to any possible cyberattack.” For a week after the attack, passengers had to check with their airlines for the information they needed.

Why Cities are Vulnerable to Ransomware

Public entities like Atlanta are unusually vulnerable to ransomware and other targeted attacks. Atlanta's wasn't the first ransomware attack to hit home, and certainly won't be the last.

Hackers know that government offices tend not to spend lavishly on their IT departments: stakeholders prefer that they prioritize public works over protecting their systems from attack.

Atlanta was not entirely ignorant of its IT problems: in 2015, the city began the process of ISO 27001 certification, including commissioning an audit to review its security procedures. A report issued in January exposed a number of glaring gaps that put the city's IT security at risk – among other things, about a hundred servers were running obsolete versions of Windows software!

Preventing Ransomware from Holding You Hostage

As more hacker collectives shift from extorting vulnerable individuals to squeezing larger, meatier targets, ask yourself this: what are you doing to keep your company from getting in a hacker’s crosshairs?

If your business lacks the expertise and resources to deal with ransomware threats, All Covered can meet the shortfall by delivering the proactive monitoring of a managed service provider (MSP) with the prevention and protection of a managed security services provider (MSSP).

Your Trusted Technology Partner

This website uses cookies to enhance your visiting experience on our site. For more details,
or to find out how to disable cookies please follow this link.
Please note that by deleting our cookies or disabling future cookies you may not be able to access certain areas or feature of our site.
By closing this message or starting to navigate on this website, you agree to the usage of cookies.